fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " data breach "

Administrative fine of 170.000 € imposed on Bergen Municipality

The Norwegian Supervisory Authority (Datatilsynet) has imposed an administrative fine of 1.6 million Norwegian kroner, or the equivalent of 170.000 €, on the Municipality of Bergen.

The incident relates to computer files with usernames and passwords to over 35000 user accounts in the municipality’s computer system. The user accounts related to both pupils in the municipality’s primary schools, and to the employees of the same schools. Due to insufficient security measures, these files have been unprotected and openly accessible. The lack of security measures in the system made it possible for anyone to log in to the school’s various information systems, and thereby to access various categories of personal data relating to the pupils and employees of the schools.

Source: Administrative fine of 170.000 € imposed on Bergen Municipality | Datatilsynet

Turkish watchdog fines Facebook $271,000 for data breach

Turkey’s Personal Data Protection Authority (KVKK) said on Friday it had fined Facebook a total of 1.65 million lira ($270,976.01) in April due to a data breach.

It cited a Facebook statement from December as saying the company had discovered a photo API bug that allowed third-party applications to access Facebook user photos.

Source: Turkish watchdog says it fines Facebook $271,000 for data breach – Reuters

Benchmarking Data on the First Anniversary of the GDPR

Organizations should already have most of the basic structures for compliance with GDPR in place – the ability to respond to data subject access requests, the extensive mapping and tracking of data that is processed, etc.

But how are organizations responding to data breaches when they occur? And how are they making some of the critical determinations around if they need to provide notification, to whom, and when?

Full article: Benchmarking Data on the First Anniversary of the GDPR

61% of IT professionals have experienced a serious data breach

McAfee revealed in its Grand Theft Data II – The Drivers and Shifting State of Data Breaches, that IT security professionals are struggling to secure their organisation despite improvements.

The report revealed that 61% of IT professionals have experienced at least one data breach at their current company and 48% at a previous company.

Source: 61% of IT professionals have experienced a serious data breach, research reveals

Reported data breach numbers increase by 56% for early January

A recently-published study shows that the number of reported data breaches for the first three months of 2019 was up by 56.4% in comparison with the same time frame in 2018.

The research comes from the new Data Breach Report issued by security analytics firm, Risk Based Security.

Source: Reported data breach numbers increase by 56% for early January

Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

There is always significant negotiation around caps on liability when negotiating a contract with a technology vendor. If the vendor will have access to the personal information of its customers’ end users (regardless of whether the end users are employees or customers), treatment on caps on liability take on heightened importance.

Given the findings in the 2019 Data Security Incident Report (“DSIR”), what rule of thumb or general guidance exists to guide decision-making regarding acceptable financial risk allocation?

Full article: Deeper Dive: Security Incident Mitigation Strategy: Effective Negotiation of Technology Contract Limitations of Liability

Deeper Dive: GDPR a Game-Changer for Data Breach Notification

When the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018, it dramatically changed the way multinationals manage the reporting of personal data breaches.

It also substantially raised the stakes: Entities found to have violated the GDPR’s data security and breach reporting obligations could face much steeper regulatory fines than those available under U.S. laws.

Full article: Deeper Dive: GDPR a Game-Changer for Data Breach Notification

Hackers publish personal data on thousands of US police officers and federal agents

A hacker group has breached several FBI-affiliated websites and uploaded their contents to the web, including dozens of files containing the personal information of thousands of federal agents and law enforcement officers.

The hackers breached three sites associated with the FBI National Academy Association, a coalition of different chapters across the U.S. promoting federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA.

The hackers then put up for download on their own website the data containing about 4,000 unique records, including member names, a mix of personal and government email addresses, job titles, phone numbers and their postal addresses.

Source: Hackers publish personal data on thousands of US police officers and federal agents | TechCrunch

‘Privacy Is Becoming a Luxury’: What Data Leaks Are Like for the Poor

The last few years have featured some of the largest and most potentially damaging data leaks in history, like the Equifax credit breach. But low-income Americans often find themselves trading personal information for access to benefits ranging from food to housing to childcare.

“For low-income people, the stakes [of a data breach] are higher,” said Michele E. Gilman, director of the Saul Ewing Civil Advocacy Clinic at the University of Baltimore, and a former Department of Justice civil rights attorney. She cited examples of former clients whose utilities were shut off after someone opened a false account in their name and failed to pay, or who were picked up on warrants for crimes committed by someone else under their name. For people without money to quickly reinstate a utility service or hire a criminal attorney, those types of errors—even if eventually rectified—can have long-lasting consequences, including job loss or child protective involvement.

Full article: ‘Privacy Is Becoming a Luxury’: What Data Leaks Are Like for the Poor – VICE

The Latest Big Data Breach Should Make You Rethink How You Pay For Everything

The restaurant group Earl Enterprises confirmed that over two million credit cards were compromised in a breach affecting diners at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy! and other restaurants between May 2018 and March 2019.

This breach presents a timely opportunity for consumers to reassess their own level of risk. Mobile pay systems – Apple Pay, Google Pay (formerly Android Pay), Samsung Pay and others – are more secure than other payment methods.

Source: The Latest Big Data Breach Should Make You Rethink How You Pay For Everything

>